
gptf.org.na Cross Site Scripting vulnerability

Description

Open Bug Bounty ID: OBB-1029050

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has:

a. verified the vulnerability and confirmed its existence;
b. notified the website operator about its existence.

| Field | Value |
|---|---|
| Affected Website | **[gptf.org.na](<http://gptf.org.na>)** |
| Vulnerable Application | Custom Code |
| Vulnerability Type | **[XSS (Cross Site Scripting)](<https://www.owasp.org/index.php/Cross-site_Scripting_\(XSS\)>)** / CWE-79 |
| CVSSv3 Score | 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] |
| Disclosure Standard | Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines |
| Discovered and Reported by | **g0bl1nsec** |
| Remediation Guide | **[OWASP XSS Prevention Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md>)** |
| Vulnerable URL | (provided only as an image on the original page) |
| HTTP POST data | (provided only as an image on the original page) |

**Screenshot:** ![gptf.org.na vulnerability](/twimages/screen-1029050.jpg)

**Mirror:** [Click here to view the mirror](<http://1029050.openbounty.org/mirror/>)

### Coordinated Disclosure Timeline

| Event | Date |
|---|---|
| Vulnerability Reported | 2 December, 2019 17:33 GMT |
| Vulnerability Verified | 2 December, 2019 17:43 GMT |
| Website Operator Notified | 2 December, 2019 17:43 GMT |

| Notification channel | Status |
|---|---|
| a. Using the ISO 29147 guidelines | done |
| b. Using publicly available security contacts | done |
| c. Using Open Bug Bounty notification framework | done |
| d. Using security contacts provided by the researcher | done |

| Event | Date |
|---|---|
| Public Report Published [without any technical details] | 2 December, 2019 17:43 GMT |
| Vulnerability Fixed | 4 January, 2020 17:43 GMT |